WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst);
int (*get_construct_message_f) (SSL_CONNECTION *s,
- int (**confunc) (SSL_CONNECTION *s,
- WPACKET *pkt),
+ CON_FUNC_RETURN (**confunc) (SSL_CONNECTION *s,
+ WPACKET *pkt),
int *mt);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
- int (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
+ CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
int mt;
WPACKET pkt;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
return SUB_STATE_ERROR;
}
if (confunc != NULL) {
- int tmpret;
+ CON_FUNC_RETURN tmpret;
tmpret = confunc(s, &pkt);
- if (tmpret <= 0) {
+ if (tmpret == CON_FUNC_ERROR) {
WPACKET_cleanup(&pkt);
check_fatal(s);
return SUB_STATE_ERROR;
- } else if (tmpret == 2) {
+ } else if (tmpret == CON_FUNC_DONT_SEND) {
/*
* The construction function decided not to construct the
* message after all and continue. Skip sending.
ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
} ENC_WRITE_STATES;
+typedef enum {
+ CON_FUNC_ERROR = 0,
+ CON_FUNC_SUCCESS,
+ CON_FUNC_DONT_SEND
+} CON_FUNC_RETURN;
+
/*****************************************************************************
* *
* This structure should be considered "opaque" to anything outside of the *
}
}
-int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt)
{
unsigned char *p;
size_t sess_id_len;
protverr = ssl_set_client_hello_version(s);
if (protverr != 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, protverr);
- return 0;
+ return CON_FUNC_ERROR;
}
if (sess == NULL
if (s->hello_retry_request == SSL_HRR_NONE
&& !ssl_get_new_session(s, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
}
/* else use the pre-loaded session */
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random),
DOWNGRADE_NONE) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/*-
if (!WPACKET_put_bytes_u16(pkt, s->client_version)
|| !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* Session ID */
&& RAND_bytes_ex(sctx->libctx, s->tmp_session_id,
sess_id_len, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
} else {
sess_id_len = 0;
sess_id_len))
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* cookie stuff for DTLS */
|| !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
s->d1->cookie_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
/* Ciphers supported */
if (!WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s)),
pkt)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
if (!WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* COMPRESSION */
if (!WPACKET_start_sub_packet_u8(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s)
comp = sk_SSL_COMP_value(sctx->comp_methods, i);
if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
}
/* Add the NULL method */
if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* TLS extensions */
if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt)
#endif
}
-int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
unsigned long alg_k;
goto err;
}
- return 1;
+ return CON_FUNC_SUCCESS;
err:
OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
s->s3.tmp.pms = NULL;
s->s3.tmp.psk = NULL;
s->s3.tmp.psklen = 0;
#endif
- return 0;
+ return CON_FUNC_ERROR;
}
int tls_client_key_exchange_post_work(SSL_CONNECTION *s)
return WORK_ERROR;
}
-int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* no context available, add 0-length context */
if (!WPACKET_put_bytes_u8(pkt, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
} else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
if (!ssl3_output_cert_chain(s, pkt,
(s->s3.tmp.cert_req == 2) ? NULL
: s->cert->key)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
if (SSL_CONNECTION_IS_TLS13(s)
* state and thus ssl3_send_alert may crash.
*/
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_CANNOT_CHANGE_CIPHER);
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s)
}
#ifndef OPENSSL_NO_NEXTPROTONEG
-int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt)
{
size_t len, padding_len;
unsigned char *padding = NULL;
if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
|| !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
memset(padding, 0, padding_len);
- return 1;
+ return CON_FUNC_SUCCESS;
}
#endif
return 1;
}
-int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt)
{
if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
+ return CON_FUNC_ERROR;
}
s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
- return 1;
+ return CON_FUNC_SUCCESS;
}
* ssl->session->read_compression assign
* ssl->session->read_hash assign
*/
-int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
if (s->version == DTLS1_BAD_VER) {
s->d1->next_handshake_write_seq++;
if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
#ifndef OPENSSL_NO_SCTP
return 1;
}
-int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
{
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
OPENSSL_free(sig);
EVP_MD_CTX_free(mctx);
- return 1;
+ return CON_FUNC_SUCCESS;
err:
OPENSSL_free(sig);
EVP_MD_CTX_free(mctx);
- return 0;
+ return CON_FUNC_ERROR;
}
MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
return ret;
}
-int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
{
size_t finish_md_len;
const char *sender;
&& (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
if (s->server) {
s->s3.tmp.finish_md);
if (finish_md_len == 0) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
s->s3.tmp.finish_md_len = finish_md_len;
if (!WPACKET_memcpy(pkt, s->s3.tmp.finish_md, finish_md_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/*
&& !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key,
s->session->master_key_length)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
/*
*/
if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (!s->server) {
memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md,
s->s3.previous_server_finished_len = finish_md_len;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
-int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
s->key_update = SSL_KEY_UPDATE_NONE;
- return 1;
+ return CON_FUNC_SUCCESS;
}
MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt)
return MSG_PROCESS_FINISHED_READING;
}
-int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
/* Add a certificate to the WPACKET */
MSG_PROCESS_CONTINUE_READING
} MSG_PROCESS_RETURN;
-typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
+typedef CON_FUNC_RETURN (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
int ssl3_take_mac(SSL_CONNECTION *s);
int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt);
-__owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s,
+ WPACKET *pkt);
-__owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s);
/* some client-only functions */
-__owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s,
PACKET *pkt);
-__owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s,
WORK_STATE wst);
-__owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey);
-__owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s);
__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
WORK_STATE wst);
__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
-__owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
#endif
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt);
-__owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s,
+ WPACKET *pkt);
/* some server-only functions */
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s,
WORK_STATE wst);
-__owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt);
-__owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s,
+ WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s,
+ WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s,
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s,
PACKET *pkt);
#endif
-__owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt);
+__owur CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s,
+ WPACKET *pkt);
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
PACKET *pkt);
IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
-static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt);
+static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s,
+ WPACKET *pkt);
/*
* ossl_statem_server13_read_transition() encapsulates the logic for the allowed
return 1;
}
-int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
unsigned int cookie_leni;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
&cookie_leni) == 0
|| cookie_leni > DTLS1_COOKIE_LENGTH) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
- return 0;
+ return CON_FUNC_ERROR;
}
s->d1->cookie_len = cookie_leni;
if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
s->d1->cookie_len)) {
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
/*-
return WORK_ERROR;
}
-int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
{
int compm;
size_t sl, len;
? hrrrandom : s->s3.server_random,
SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/*-
if (sl > sizeof(s->session->session_id)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* set up the compression method */
pkt, &len)
|| !WPACKET_put_bytes_u8(pkt, compm)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (!tls_construct_extensions(s, pkt,
: SSL_EXT_TLS1_2_SERVER_HELLO),
NULL, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
if (s->hello_retry_request == SSL_HRR_PENDING) {
*/
if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
} else if (!(s->verify_mode & SSL_VERIFY_PEER)
&& !ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */;
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
-int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!s->s3.tmp.cert_request) {
if (!ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
-int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
EVP_PKEY *pkdh = NULL;
unsigned char *encodedPoint = NULL;
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pctx = NULL;
size_t paramlen, paramoffset;
- int freer = 0, ret = 0;
+ int freer = 0;
+ CON_FUNC_RETURN ret = CON_FUNC_ERROR;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!WPACKET_get_total_written(pkt, ¶moffset)) {
OPENSSL_free(tbs);
}
- ret = 1;
+ ret = CON_FUNC_SUCCESS;
err:
EVP_PKEY_free(pkdh);
OPENSSL_free(encodedPoint);
return ret;
}
-int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
if (SSL_CONNECTION_IS_TLS13(s)) {
/* Send random context when doing post-handshake auth */
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
s->pha_context_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
s->pha_context, s->pha_context_len, 0) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/* reset the handshake hash back to just after the ClientFinished */
if (!tls13_restore_handshake_digest_for_pha(s)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
} else {
if (!WPACKET_put_bytes_u8(pkt, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
goto done;
}
if (!WPACKET_start_sub_packet_u8(pkt)
|| !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (SSL_USE_SIGALGS(s)) {
|| !tls12_copy_sigalgs(s, pkt, psigs, nl)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
}
if (!construct_ca_names(s, get_ca_names(s), pkt)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
done:
s->certreqs_sent++;
s->s3.tmp.cert_request = 1;
- return 1;
+ return CON_FUNC_SUCCESS;
}
static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt)
return ret;
}
-int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt)
{
CERT_PKEY *cpk = s->s3.tmp.cert;
if (cpk == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
/*
*/
if (SSL_CONNECTION_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return CON_FUNC_ERROR;
}
if (!ssl3_output_cert_chain(s, pkt, cpk)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt,
return 1;
}
-/*
- * Returns 1 on success, 0 to abort construction of the ticket (non-fatal), or
- * -1 on fatal error
- */
-static int construct_stateless_ticket(SSL_CONNECTION *s, WPACKET *pkt,
- uint32_t age_add,
- unsigned char *tick_nonce)
+static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s,
+ WPACKET *pkt,
+ uint32_t age_add,
+ unsigned char *tick_nonce)
{
unsigned char *senc = NULL;
EVP_CIPHER_CTX *ctx = NULL;
SSL_CTX *tctx = s->session_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
- int iv_len, ok = -1;
+ int iv_len;
+ CON_FUNC_RETURN ok = CON_FUNC_ERROR;
size_t macoffset, macendoffset;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
* ticket
*/
if (SSL_CONNECTION_IS_TLS13(s)) {
- ok = 0;
+ ok = CON_FUNC_DONT_SEND;
goto err;
}
/* Put timeout and length */
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
ssl_hmac_free(hctx);
- return 1;
+ return CON_FUNC_SUCCESS;
}
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
goto err;
}
- ok = 1;
+ ok = CON_FUNC_SUCCESS;
err:
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
s->ext.extra_tickets_expected--;
}
-int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt)
{
SSL_CTX *tctx = s->session_ctx;
unsigned char tick_nonce[TICKET_NONCE_SIZE];
unsigned char age_add_c[sizeof(uint32_t)];
uint32_t age_add;
} age_add_u;
- int ret = 0;
+ CON_FUNC_RETURN ret = CON_FUNC_ERROR;
age_add_u.age_add = 0;
goto err;
}
} else {
- int tmpret;
+ CON_FUNC_RETURN tmpret;
tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add,
tick_nonce);
- if (tmpret != 1) {
- if (tmpret == 0) {
- ret = 2; /* Non-fatal. Abort construction but continue */
+ if (tmpret != CON_FUNC_SUCCESS) {
+ if (tmpret == CON_FUNC_DONT_SEND) {
+ /* Non-fatal. Abort construction but continue */
+ ret = CON_FUNC_DONT_SEND;
/* We count this as a success so update the counts anwyay */
tls_update_ticket_counts(s);
}
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
}
- ret = 1;
+ ret = CON_FUNC_SUCCESS;
err:
return ret;
}
return 1;
}
-int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt)
+CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!tls_construct_cert_status_body(s, pkt)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
}
#endif
-static int tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt)
+static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s,
+ WPACKET *pkt)
{
if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
NULL, 0)) {
/* SSLfatal() already called */
- return 0;
+ return CON_FUNC_ERROR;
}
- return 1;
+ return CON_FUNC_SUCCESS;
}
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, PACKET *pkt)